Jean-Marc Desperrier wrote:
Ben Laurie wrote:
No - it is a limitation of the current usage of http over SSL, where the
SSL negotiation happens before the Host: header. It is a general problem
inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify
meant that
Jean-Marc Desperrier wrote:
I'm trying to define an ASN1 type that has an element which is a stack
of UTF-8 string usins 0.9.4 and I have some problems.
I figured I had to define the type STACK_OF(ASN1_UTF8STRING) with
DECLARE_STACK_OF(ASN1_UTF8STRING), but this bring problems.
I
Jean-Marc Desperrier wrote:
In non-debug version, we have :
#define ASN1_UTF8STRING ASN1_STRING
and
#define DECLARE_STACK_OF(type) \
typedef struct stack_st_##type \
{ \
STACK stack; \
} STACK_OF(type); \
STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **));
Ben Laurie wrote:
Dr Stephen Henson wrote:
Jean-Marc Desperrier wrote:
There's a problem with this solution. If you need another ASN1_STRING
equivalent STACK_OF such as ASN1_IA5STRING you get a conflict because
the structure STACK_ASN1_STRING gets declared twice.
If IA5STRING used
Bob Ollila wrote:
I have a short program which does a DSA_sign() and DSA_verify() which gives me the
following error output using ERR_print_errors():
1792:error:0A070064::lib(10) :func(112) :reason(100):dsa_sign.c:121:
1792:error:0D06B078::lib(13) :func(107) :reason(120):asn1_lib.c:139:
Richard Dykiel wrote:
OpenSSL 0.9.5
Windows NT4
VC6, Openssl generated with debug info and linked statically to
LIBCMTD (static debug mutltithreaded)
I am generating certificates using a customized configuration file:
the config file specifies passwords so that I dont have to give them
Brian Korver wrote:
I believe there is a X509_NAME_ENTRY_set_data() bug in 0.9.5 that is
triggered by X509_NAME_ENTRY_create_by_NID() when called with
'type' set to V_ASN1_APP_CHOOSE.
Here's the diff between 0.9.4 and 0.9.5 for X509_NAME_ENTRY_set_data():
int
Thomas Roessler wrote:
On 2000-03-14 07:37:49 +0100, Richard Levitte - VMS
Whacker wrote:
Personally I don't see the problem with getting the
correct mime headers served by smime and just graft
them in among all the others, but YMMV.
While this may be fine for the simplest
Thomas Roessler wrote:
On 2000-03-14 12:34:38 +, Dr Stephen Henson wrote:
At the time I couldn't find a MIME parser with an
appropriate licence that worked on the same platforms
as OpenSSL. More importantly none of them seemed to
handle multipart/signed properly.
I may
Brian Korver wrote:
Dr Stephen Henson wrote:
Thanks, I'll look into it. BTW use of V_ASN1_APP_CHOOSE (when it is
fixed again) is strongly discouraged in 0.9.5 and later.
Steve,
Is the deprecation of V_ASN1_APP_CHOOSE documented somewhere?
Where can I learn what The Right Thing
Salz, Rich wrote:
The folks at the Distributed Systems Technology Center is building
a PKI from the ground up. They've made similar modifications to
SNACC. The primary difference is that VanDyke considers their version
to be frozen ("it does what we need it to do") while DSTC might still
Corrado Derenale wrote:
Hi,
how can be possible that a program compiled with the previous version of
the library, the 0.9.4 work very well and compiled with the last one the
9.5 generate a segmentation fault? The instruction that cause the
segmentation fault is a simple PKCS7_dataDecode
Eric Gilbertson wrote:
Hello:
Can anyone point me to a solution to the infamous handshake
problems that occur when a weak crypto client attempts to
connect with a strong server? I've purused the relevant
posts in the archives and they seem similar but not exactly
the same as what I am
Eric Gilbertson wrote:
Hello Again:
Can anyone tell me what the purpose of the RSA_public_decrypt()/
RSA_private_encrypt() pair calls that are used in the SSL3 key
change protocol is? Since they are operating on digested data
it appears that they are used to implement signing? If that is
Eduardo Calderón Chao wrote:
Hi, I have developed the code below, and I have found some problems. I
call the
"PKCS12_parse" function and then the "*_free" functions for releasing
the
memory that I have allocated before.
I noticed that the memory is not released in a right way, because
Bob Ollila wrote:
I'm porting some Solaris code ( that works ) to NT. The code uses the DSA functions
from openssl-9.4. For some reason it's crashing when I try to print the dsa
structure using DSA_print().
When I comment out the DSA_print() statement everything else works. Here is the
Bob Ollila wrote:
Steve, thanks for your help, but I think I need a little more detail/clarification.
The standard build of openssl includes the /MD flag, so I assume that the libs that
were built were the multithreaded libs? Does my application need to specify this
same option when
[EMAIL PROTECTED] wrote:
Tough nut, but interesting project if you can pull out the key. Anybody
on this list understand Netscape's key3.db file well enough to pull out
the private key associated w/ a client cert stored in cert7.db?
There's enough info on my home site to do this. Netscape
John Byrd wrote:
I've generated a trivial 1024-bit RSA key using RSA's Crypto-J CertReqTool.
The tool doesn't offer an
opportunity to create the key unencrypted (I don't think), but when it
prompted for a password I entered a blank. Tell me what you think. It would
be nice to use
Evan Carew wrote:
Ulf Möller wrote:
What do you want to add? As a general answer, have a look at the
"Makefile.ssl" files in the various directories.
__
Ulf,
Re my initial message, I am adding a NEW directory
See below...
Douglas Lee wrote:
2) Generate new CR file using "CA.sh -newreq". This generates the file
certificate request file newreq.pem.
It also generates a new private key in privkey.pem
3) Sign the CR file using the CA file by "CA.sh -sign". This generates
the certificate file
hazel Gao wrote:
I want to do some sign and unsign work. In openssl, I
found X509_sign which uses ASN1_sign. But these two
APIs are used to sign X509 certs, so a CTX must be
included. My work is just get a private key and se
this key to sign the md5 digest of some data. Can
anyone tell me
Jean-Marc Desperrier wrote:
Hi,
Either I've got something wrong or there's a big problem here.
I create new objects with OBJ_create, giving their OID as an argument
and getting back an NID.
Then I convert some data that is the DER encoding of an OID to an
ASN1_OBJECT.
I then
Dave wrote:
Hello,
I am trying to test OpenSSL for RSA Keon interopability.
All tests pass except for the following,...
bash% openssl crl -inform DER -in keon2.crl -text
unable to load CRL
6062 error:0DA4008:asn1 encoding routines, etc. etc. etc.
Does anyone have any experience
hazel Gao wrote:
Can not find EVP_SignInit in openssl-0.9.5's man page,
nor in the site. I'm downloading beta2 for new info.
doc/crypto/EVP_SignInit.pod
As I just need rsa sign, is RSA_sign and RSA_verify
enough?
As long as you supply the required digest to it. However EVP_SignInit()
Danny Grasse wrote:
Here is the output from the ERR_print_errors_fp call.
27084:error:2306B076::lib(35) :func(107) :reason(118):p12_mutl.c:80:
27084:error:2307E06D::lib(35) :func(126) :reason(109):p12_mutl.c:105:
27084:error:23076071::lib(35) :func(118)
ing. Jiri Holinek wrote:
Sorry for my English.
I have a simple program for generating RSA key with writting it in
DER format. But key converted with i2d_RSAPrivateKey function to
DER format is invalid.
openssl rsa -infrom der -in privkey.der reports:
read RSA key
unable to load key
hazel Gao wrote:
2. It seems that in my program
PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL) can only
deals with keyfiles without RSA pass phase protection,
and return NULL for keyfiles that do have pass phase.
But in apps/rsa.c, the same code can do with both!
Bellow is the error I
hazel_gao wrote:
I want to load a X509 cert from a pem format buffer. I know there are
PEM_read_X509 and PEM_read_bio_X509. But they are for files. Saving the
buffer to a file, then open it to load X509 sounds somewhat stupid. Can
anyone tell me an API to load X509 from a char* buffer?
Howard Chu wrote:
Yes, it's quite easy. This works for me in 0.9.4:
(char *buf; int len; values should already be set)
...
BIO *bi = BIO_new(BIO_s_mem());
BUF_MEM bf;
X509 *x;
bf.length = len;
bf.data = buf;
bf.max = bf.length;
BIO_set_mem_buf(bi, bf, 0);
x = PEM_read_bio_X509(bi,
Hellan,Kim KHE wrote:
I have a key file and a cert file with one certificate (signed by a CA).
All I want to do is "combine" these two files in a PKCS#12 file.
Does anyone know how to perform this relatively "simple" task (which
functions must be called)?
I have looked in the pkcs12.c
Hellan,Kim KHE wrote:
I'm using Win NT4 with Visual Studio 6 and OpenSSL version 0.9.5.
I'm trying to read a file with a private key using:
EVP_PKEY* pKey = (EVP_PKEY*) PEM_ASN1_read( (char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY, fpKey, NULL, NULL, NULL);
Rene Grosser wrote:
Hi,
I guess there is a coding error here inside the
check_purpose_ssl_server() function
that causes the excecution of the following line in case of a server
side CA-
Check:
if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
Got a problem when connecting to
Robert Hines wrote:
Can someone point me to some Win32 Binaries? I have attempted to
compile 5 times now (MS VC++, Win2K) and cant get the makefile to
make. :-) I am about out of time on the project so I would to simply
get my hands on the binaries at this point.
Which version of
Pam Gagnon wrote:
Ok, I haven't gotten very far. I am not a Unix/C person so fogive me...
I am following the instructions for installing Win32. I can't execute the
following:
ms\do_ms
What is ms? I have Visual C++ 5.0 on my machine and the perl stuff. I have
no executable
Hovav Shacham wrote:
Hello, all --
According to both the SSL3 draft and TLS, a server can send a chain of
certificates, beginning with its own and leading towards a root CA.
Posts by Netscape engineers (seen on Dejanews) strongly suggest that
Netscape Communicator can handle chains.
I
Bodo Moeller wrote:
Dr Stephen Henson [EMAIL PROTECTED]:
[...]
How many certificates are in the chain? If its only two then there's no
point because the root will have to be in the browser anyway.
This is a convenient way to get it into the browser, assuming that you
distribute
Pete Jenkins wrote:
Have not had any luck getting this to compile. Does anyone have a VC++6
project with working code they can pass on? This would also be handy to put
on the site as a zip.
If not, here is what has been tried so far:
1-Download openssl-0.9.5a.tar
2-Try to install
Pete Jenkins wrote:
Check workspace files and explanations of compile process at
http://www.iconsinc.com/~agray/ossldev/
Workspace files there work really fine.
Following the included instructions:
3. Open a command prompt and run "perl Configure VC-WIN32" as per the
Eugene Levy wrote:
Is there anyway to add the BF (BlowFish) symmetric cipher to TLS, so
that within a TLS session, randomly generated BF keys are used? For
those paranoid with security, a "BF-SHA1" cipher, with 256-448 bit
random keys can be used. The current release of openssl-0.95a
Hellan,Kim KHE wrote:
Hi
I have a private key (PEM), certificate/root certificate (DER) and a small
text: "This is a test".
Using PKCS#7, I would like to make a small test program, where I sign the
text with the private key, write this PKCS#7 object to a file, read the file
again and
Hellan,Kim KHE wrote:
Using OpenSSL 0.9.5
I am trying to verify a signature in an S/MIME message. I have tried the
following:
OpenSSL smime -verify -in mysmime.txt -signer mysigncert.p7c -CAfile
myrootstore.pem
It came back with a "Verification successful".
So far, so good..
I
Shridhar Bhat wrote:
Hi,
I am new to OpenSSL and have been playing with the OpenSSL
tool. What I did was created a CA, have a user cert signed by that CA,
then converted the user cert to pkcs12 and imported it in netscape 4.7.
(IE 5 kept saying invalid certificate, any ideas why??).
amit nigam wrote:
Hi,
Actually, I want client and server to use to DH_BF_MD5, but I am unable
to proceed.
Please shred some light on this
There are only a fixed set of cipher/digest/public key encryption
algorithms you can use as defined in the specifications.
DH_BF_MD5 isn't specified.
amit nigam wrote:
Thanx Henson,
I have to develop secure socket communication for our application. We have
decided to use SSL as an intreface for secore communication. We have to write
some wrapper functions to use SSL for general client and server
communication. But as I was going thru
Lucas C. Ferreira wrote:
Hello,
is there any plan/project to include elliptic curve cryptosystems in
OpenSSL?
We work with this kind of crytosystem and would like to participate in such
a project.
Please send answers to my personal email also.
AFAIK there isn't a project as yet
Marco Russo wrote:
Hi all.
What is the exact significate of nosigs option verifying a message? What
is the advantage of a signed message if the signature is not verified?
Is the answer about certificates distribution and verification?
Thanks in advance.
Yes that's one use: someone with
Craig Hellon wrote:
Does anyone know if its possible and how to make an openssl
based server support the SGC handshaking an IE export browser
makes when it attempts to reset the connection and restart the SSL handshake
at the higher encryption.
With OpenSSL 0.9.5 or later it should work
Gao Yuhang wrote:
I have sent this mail yesterday with a false title, so I'm senfing this
again, sorry for the spam.
Hi,
Does anyone knows how to change the EVP tags? Or is there a conf
file to do this dynamically? The fact is that I want to change the cert
request's tag. Many
Claus Assmann wrote:
Hi! At least some "good" news: I found the bug. Here's the problem
description again:
(starttls to connect to mail.stalker.com, using OpenSSL 0.9.5a)
! According to the SSL/TLS standard, the first 2 bytes of that secret
! should be the protocol version. Since
amit nigam wrote:
Thanx Dr Stephen,
Your advice is precious to us for designing the SSL socket interface for out
project.
Since we have decided BlowFish, DH and MD5 just for to get rid of patent thing. But
as you suggested that BlowFish cannt be used because it is not a standard one. Now
Arnaud De Timmerman wrote:
All,
Trying to verify a message I've just signed with openssl, I've got this message
:
Verification Failure
381:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smim
e.c:205:Verify error:unable to get
Lutz Jaenicke wrote:
As you can see, with "openssl ca ..." you violate RFC2459 since you (the CA)
do not check the subject alternative name, as it is not displayed before
signing.
The only subject alt name's it will use are those in the config file or
the DN email address which ca does
Claus Assmann wrote:
Attached is a patch for the problem reported earlier. Please let
me know whether the patch is ok.
It's not as simple as just changing the version number sent. I suspect
if you try to connect this modified client code to:
openssl s_server -notls1
it will produce an
Bodo Moeller wrote:
On Sat, May 20, 2000 at 02:07:04AM +0100, Dr Stephen Henson wrote:
Its not apparent that this actually *is* a bug. If you examine the SSLv3
spec: [...]
It is *definitely not* a bug. The SSL 3.0 and TLS 1.0 specifications
are quite clear on this: "The l
Bodo Moeller wrote:
On Tue, May 23, 2000 at 01:21:51PM +0100, Dr Stephen Henson wrote:
Actually there's no security problem for servers to accept a
PreMasterSecret that contains the negotiated protocol version instead
of the client_version from the ClientHello if these don't match
Ben Laurie wrote:
Interesting ... that code has not actually changed in living memory (OK,
I added a "const" two lines before), so it is curious that it suddenly
causes a problem. Anyway, I totally agree that the ## is not needed.
Erm I created it about a week ago as part of the major
On Fri, Feb 16, 2007, Andrew Brampton wrote:
Hi,
I don't know if I'm doing this correctly, but when I call X509_dup on a
X509 object that has been recently created it returns NULL. For example
X509 *x1 = X509_new();
X509 *x2 = X509_dup ( x1 );
// x2 is null, indicating a duplication
On Wed, Feb 21, 2007, Lutz Jaenicke wrote:
Goetz Babin-Ebell wrote:
Lutz Jaenicke wrote:
Goetz Babin-Ebell wrote:
[...]
* in SMTP doing a STARTTLS without previous EHLO
will return a
503 STARTTLS command used when not advertised
* in IMAP doing a STARTLS requires a
.
On Sat, Feb 24, 2007, [EMAIL PROTECTED] wrote:
Hi,
-mcpu wasn't deprecated on SPARC. I think it was only deprecated
on i386.
Seems that some platforms support -mcpu and others -march, ugh. I've
reverted the sparc changes to the Configure script.
BTW, you might want
On Thu, Mar 01, 2007, richard zhao wrote:
Hello,all,
I am doing SSL programming, one question is
challenging me. what I did on server side is:
BIO *servSock=BIO_new_accept(port);
if(servSock==INVALID_SOCK2)
{
error handle...
}
if(BIO_do_accept(servSock)=0)
{
error handle...
On Fri, Apr 27, 2007, Sascha Kiefer wrote:
Thanks for your response.
Please see the other mail i wrote in response.
The one that has the complete ocsp response dump.
You should be able to use the OpenSSL ocsp utility to test that stuff,
including (with a debugger or printf) the expected
On Fri, Apr 27, 2007, Brent Casavant wrote:
Hello,
I'm developing an engine to support hardware acceleration of a number
of different block ciphers, some of which OpenSSL does not (yet) have
native support for (e.g. AES 128 CTR, TEA, etc).
One of the problems I'm trying to solve is
On Wed, May 09, 2007, Nikolay Zapolnov wrote:
Hello,
My name is Nikolay,
I am representing the NetUP company.
Currently we are being certified by the KPMG company, Russia
under the program AICPA/CICA. WebTrustSM/TM. Program for
Certification Authorities.
After the successful
On Wed, May 16, 2007, _mikie wrote:
My issue stems from a server expecting an PKCS1 X509 ASN.1 BER encoded
public key. I'm currently calling i2d_RSA_PUBKEY() after generating a new
RSA object, but the result is in DER encoding and the server does not like
it. The code calling this orginally
On Tue, May 22, 2007, Peter Hartley wrote:
Hi there,
Having just downloaded GCC 4.2.0 and discovered that it can't build
OpenSSL (not even in the snapshots AFAICT), I'd like to offer a possible
solution.
The earlier thread on openssl-dev explains that OpenSSL chooses to cast
the
On Tue, May 22, 2007, Peter Hartley wrote:
Hi there,
Having just downloaded GCC 4.2.0 and discovered that it can't build
OpenSSL (not even in the snapshots AFAICT), I'd like to offer a possible
solution.
The earlier thread on openssl-dev explains that OpenSSL chooses to cast
the
On Fri, Jun 01, 2007, Robin Bryce wrote:
Hi,
In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange
passes the address of an uninitialised variable to RSA_sign as the
siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine
implementation that provides an
On Tue, Jun 12, 2007, Goetz Babin-Ebell wrote:
--On Jun 12, 2007 18:28:49 +0200 Nanno Langstraat [EMAIL PROTECTED] wrote:
v2 of the SHA save patch.
Is there a special reason to limit it to SHA ?
Why not a EVP_MD_CTX_{load|save} ?
That would be the preferred option since we've
On Tue, Jul 10, 2007, Raymond Yuan wrote:
Hi,
After building OpenSSL FIPS module in a manner required by security
policy, I tested non-supported algorithm in FIPS mode. I saw two different
result behaviours:
1. application aborts
when non-supported symmetric key
On Tue, Sep 04, 2007, Martin Peylo wrote:
Hi,
I'm trying to get into the ASN1 stuff of Openssl. I'm having problems
using the X509_ALGOR structure, could anyone please be so kind help me
with this?
I have to set something like
=== CODE ===
typedef struct xxx_mysequence_st
{
On Tue, Sep 04, 2007, Kurt Roeckx wrote:
On Tue, Sep 04, 2007 at 05:22:43PM +0200, Stephen Henson via RT wrote:
An alternative technique is mentioned in:
http://marc.info/?l=openssl-devm=118001266831974w=2
There patch from that thread is at:
On Fri, Sep 07, 2007, Charles Longeau wrote:
Hi,
In this patch, I've tried to spot fgets calls which return value was
not checked.
Please send patches to rt otherwise they might get mislaid.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core
On Fri, Sep 07, 2007, Hanno Bck wrote:
Hi,
I am working for a webspace provider and we think about having sni for
ssl-certificates for our customers.
From what I know, this is only supported in openssl 0.9.9, which is not yet
released.
TLS extension support along with sni has now
On Fri, Sep 14, 2007, Martin Peylo wrote:
Hi,
I'm implementing an extension to OpenSSL which has to communicate with
a 3rd party software. Now I'm having problems parsing it's answers
since it sends back a GeneralName choice, holding a directoryName
with a RDNSequence of zero length. I'm
On Tue, Sep 18, 2007, Pierre-Yves Ritschard via RT wrote:
On Tue, 18 Sep 2007 15:44:46 +0200 (CEST)
Ben Laurie via RT [EMAIL PROTECTED] wrote:
According to our records, your request has been resolved. If you have
any further questions or concerns, please respond to this message.
I
On Thu, Sep 20, 2007, [EMAIL PROTECTED] wrote:
Hi,
I am trying to perform certification verification for a self-signed CA
certificate as well as another certificate signed by this CA. The problem is
that the verification always fails.
Here is what I do:
/* Convert the DER encoded
On Thu, Sep 20, 2007, Andreas Hasenack wrote:
Em Qui, 2007-09-20 às 19:45 +0100, Bruce Stephens escreveu:
Andreas Hasenack [EMAIL PROTECTED] writes:
[...]
Any hints?
gcc-4.2? If so, try gcc-4.1 if you can, otherwise try disabling all
the asm stuff.
Disabling asm (i.e.,
On Thu, Oct 04, 2007, Urjit Gokhale (Gmail) wrote:
Hello everyone,
I have facing a SIGSEGV in SSL_CTX_load_verify_locations() on HP itanium
machine.
I am building two different applications and the openssl libraries in 32 bit.
The ssl libraries are statically linked with my applications.
On Thu, Oct 04, 2007, Urjit Gokhale (Gmail) wrote:
Please try a recent snapshot of the relevant version of OpenSSL and see if
that fixes this issue.
I managed to get the latest tarball from openssl.org/source.
The problem is still there, and i still get SIGSEGV.
Please let me know
On Mon, Oct 08, 2007, Clemens Koller wrote:
Hello!
I am new to this list, so if this is already known, I am sorry to feed that
dead horse again.
For some time now (since gcc-4.2.0, I run into this ICE which should
propably be
fixed on openssl's side. This is not specific to my embedded
On Mon, Oct 08, 2007, Clemens Koller wrote:
Dr. Stephen Henson schrieb:
On Mon, Oct 08, 2007, Clemens Koller wrote:
I am new to this list, so if this is already known, I am sorry to feed
that
dead horse again.
For some time now (since gcc-4.2.0, I run into this ICE which should
On Mon, Oct 08, 2007, Heit, James R via RT wrote:
I get a X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT (18) error in the verify
callback function.
That happens when there is a root CA sent by the server but it doesn't match
the trusted one.
I suggest you dump the root CA using the -showcerts
On Tue, Oct 09, 2007, Gilles Espinasse wrote:
I had same problem as in http://marc.info/?l=openssl-devm=118225527702099w=2
regarding compilation of openssl-0.9.7m on an alpha ev45.
To my understanding, the wrong /mcpu/march/ change has been reversed on 0.9.8
branch
On Tue, Oct 09, 2007, Alex Lam wrote:
Hi,
I noticed that the DTLS record layer MAC is computed using wrong input.
* Instead of using DTLS version , it's using TLS version.
* DTLS record layer epoch is also missing.
Please find patch file attached.
I am looking forward to 0.9.8f as it
On Mon, Oct 15, 2007, Kurt Roeckx wrote:
Hi,
The security announcement had this in it:
Recommendation
--
Either
a) Upgrade to the latest version of OpenSSL (0.9.8f) and rebuild all
packages using OpenSSL for DTLS.
or,
b) Disable DTLS.
How do I disable
On Thu, Nov 22, 2007, Guenter Knauf wrote:
Hi all,
I develop since years for the NetWare platform.
In the past I did just send my patches to the Novell developers who
maintained the NetWare OpenSSL port, but they are no longer with Novell,
and it seems that at Novell nobody cares now about
On Fri, Nov 30, 2007, Brad House wrote:
I didn't actually know a public CVS branch existed for 0.9.8 fips until
an e-mail last night. Is the only way to grab the current branch to
rsync the _entire_ openssl cvs repository then do a local checkout?
Are there any shapshots of that branch
On Mon, Dec 03, 2007, Andy Polyakov wrote:
I just opened the README.FIPS myself, and was looking at the Windows
build process and came across this:
With this version the use of MinGW is unnecessary and the normal VC++
build procedure can be followed *except* the GNU linker ld.exe
(for
On Mon, Dec 10, 2007, JBYTuna wrote:
This a first time post for me on this list.
We have been chasing a problem, using OpenSSL on z/OS (OS/390) for several
years.
The problem surrounded 2-way authentication, with the SSL server on z/OS.
Although the proper client is sent to the server,
On Fri, Dec 14, 2007, Richard Koenning wrote:
When i look at the long list of entries in
http://rt.openssl.org/NoAuth/Buglist.html i can understand, that the EBCDIC
patches don't have the highest priority for the OpenSSL team. Therefore the
best advice i can give is to use RT entry #843
On Thu, Jan 03, 2008, Mladen Turk wrote:
Anyhow, here they are again.
simply copy the patch to the source and:
patch -tfs -p0 -i openssl-.patch
Patch applied, thanks.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance
On Fri, Jan 04, 2008, Guenter Knauf wrote:
Hi Andy,
therefore I'd suggest to modify this to catch the stderr output:
my $ver=`nasm -v 2NULL`;
my $vew=`nasmw -v 2NULL`;
# pick newest version
$asm=($ver gt $vew?nasm:nasmw). -f win32;
sorry, of course should be:
On Fri, Jan 04, 2008, Guenter Knauf wrote:
Hi Steve,
Patches applied.
thanks very much!
I didn't include the change to mk1mf.pl that changed the install
command for the include files though. The *.[ch] version is needed in
WIN32 to include applink.c
hmmm, since I compile on Win32
On Fri, Jan 04, 2008, Guenter Knauf wrote:
I've now updated the WIN32 build system to use AES and some of the other
assembly language files for SHA2 as well. You might want to do something
similar for the netware build.
yes, sure!
I've added the two new ones sha256 and sha512 to the
On Sat, Jan 05, 2008, Guenter Knauf wrote:
Creating the things in the batch file seems a bit of a hack and they could
be handled in the makefile in the same way as the Unix build.
The Configure script also works out things like CFLAGS for the relevant
options. The WIN32 build partly
On Thu, Jan 24, 2008, Jeff Barry wrote:
In the short term I am dropping back to openssl-0.9.8e which builds, tests,
and
installs without problem using VS2003.
I'd suggest you try the free nasm assembler instead. MASM support is being
dropped from 0.9.9-dev and later anyway.
Steve.
--
Dr
On Thu, Jan 31, 2008, Peter Waltenberg wrote:
OPENSSL_cleanse() doesn't zero memory regions, it fills them with
pseudo-random data.
Edit crypto/mem_clr.c and replace that code with memset(ptr,'\0',len); and
just clear the region - you'll see a significant performance boost if
that's your
On Mon, Feb 11, 2008, Guenter Knauf wrote:
Hi,
there are some recommened methods for creating a ca-bundle.crt
most use the openssl commandline with something like:
openssl x509 -fingerprint -text -in infile -inform PEM outfile
which produces a bunch of text info beside the PEM certs
On Mon, Feb 11, 2008, Paruchuri, Kranti Kumar wrote:
Hello,
This is Kranti Kumar Paruchuri, working with CA, India.
I have a question regarding the OpenSSL-V3. I have been working on the
X.509 certificate CRL Distribution Point extension. Our application
requires supporting the
301 - 400 of 1282 matches
Mail list logo